Published in


CIO Perspectives with Mark Settle: The Future of Identity-Based Security Management

“CIO Perspectives” is a white paper series by Mark Settle that explores the top-of-mind technical issues confronting today’s CIOs and IT leaders. Mark is a seven-time CIO most recently at Okta, a three-time CIO 100 award winner, and a two-time book author. His most recent book is Truth from the Valley, A Practical Primer on IT Management for the Next Decade.

End user identity has become the primary security perimeter of every modern enterprise. Business-critical IT resources are accessed by employees and customers through an unpredictable and ever-changing mixture of corporate, public and private networks and devices. Identity authentication is the primary line of defense in this complex digital landscape. Stringent management of end user authorizations provides the second defensive barricade.

End user authorizations are defined in terms of the resources they can access, the actions they can take, and the entitlements they hold to selectively exercise approved actions within specific resources. Very few security vendors differentiate access permissions, action privileges and entity entitlements in a consistent fashion, creating unnecessary confusion about the specificity and effectiveness of the authorization controls provided by their solutions.

Conventional identity-based security safeguards have been provided by vendors specializing in Identity and Access Management (IAM), Identity and Governance Administration (IGA) and Privileged Access Management (PAM). Dominant vendors in each of these categories have been aggressively extending their capabilities into adjacent domains leading to the emergence of multifunctional platforms providing a blend of IAM/IGA/PAM capabilities.

At the same time venture capital firms have been investing billions of dollars in new identity-based safeguards that offer specialized capabilities in such areas as biometric authentication, identity verification, self sovereign identity, device identity, digital rights profiling and authorization customization. These niche services provide enterprises with the ability to construct bespoke authentication and authorization procedures that are customized for their business operations and tailored to the needs and expectations of their customers.

This report defines authorization controls on end user behavior in precise terms to ensure that buyers of identity-based safeguards fully understand the capabilities and limitations of the tools they are purchasing. It also envisions two very different technical strategies for leveraging future innovations in identity-based security management.

📚 Download the full white paper here.

Work-Bench is an enterprise technology VC fund in NYC. We support early go-to-market enterprise startups with community, workspace, and corporate engagement. Sign up to get our digest of top content & industry news weekly:

Recommended from Medium

Why should we be concerned about cybersecurity?

Guy at the desk

Detection technology and CSAM — the good, the bad and the ugly.

Essential Tools for Businesses Using or Migrating to G-Suite

Google Removed 1.7 Billion Bad Ads in 2016

Data persists on your device even when you delete it! Why?


AWS How to Copy EBS Volumes to Different Account

The joys of applying to the EU settlement Scheme

screenshot of a paragraph showing what the EU settlement Scheme is

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Work-Bench is an enterprise technology VC fund in NYC. We support early go-to-market enterprise startups with community, workspace, and corporate engagement.

More from Medium

UPS, FedEx, and USPS: What Delivery Company Is Faring Best This Holiday Season?

What impact will the COP launch of ISSB have on ESG Reporting?

What is Contextual Targeting? sets sights on Atlantic expansion with $7m investment